Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by -Ninjex- on Sun Apr 20, 2014 4:30 am

ledixer wrote: I've submitted a p**m but when I try to open it, it says "Not allowed weirdo"


Weird, feel free to send me the message you tried to submit. That's an odd response...
For those that know
K: 0x2CD8D4F9

Post by Adrasteia the Inescapable on Sun Apr 20, 2014 11:49 am

-Ninjex- wrote:
ledixer wrote: I've submitted a p**m but when I try to open it, it says "Not allowed weirdo"


Weird, feel free to send me the message you tried to submit. That's an odd response...

I think it says that when you try to access any file that doesn't exist, as the script doesn't actually create files on the server.

Post by ledixer on Mon Apr 21, 2014 9:28 am

Oh, I've solved the problem, thanks everyone.

Post by mubai34 on Mon May 12, 2014 5:23 am

Adrasteia the Inescapable wrote:
-Ninjex- wrote:
ledixer wrote: I've submitted a p**m but when I try to open it, it says "Not allowed weirdo"


Weird, feel free to send me the message you tried to submit. That's an odd response...

I think it says that when you try to access any file that doesn't exist, as the script doesn't actually create files on the server.


These false negatives actually took me off track for several days.

I assumed there might be a "poems" directory, and that files are written there, but when trying a test poem, I could not access it through readpoem.php or even directly, the same way it allows you to do with existing poems.

So I had to conclude the structure is something else, or that file names are not poemname (or any version of it with a logical suffix), which took me off track.

The solution is simple, but except for the wrong content case, all other paths I've tested did not give the indications that would be expected in a real world consistent scenario. This might be the main difficulty of this specific challenge for people who get over the technical part.

Post by cyberdrain on Thu May 15, 2014 10:12 am

At the end of the day, HTS is still just a sandbox and not the real thing. No poems actually get stored or this site itself would or could be vulnerable. So in my opinion, if you understand the technical part completely, you should probably know that too.
Free your mind / Think clearly

Post by HKyouma on Sun Jun 15, 2014 3:51 am

Hi!

I finally completed the challenge, but now that it is done, I don't understand some technical aspects of the second part very well... Could I discuss it with someone? Thanks!

Post by cyberdrain on Sun Jun 15, 2014 2:13 pm

You need 2 posts to PM, but once you have, you may PM me.

Post by TheDoctor_Yes on Wed Jun 18, 2014 9:49 am

I've solved the problem but this command (<!--#exec cmd="mv oldindex.html index.html" -->) isn't correct?

In the real world it would be successful?

Post by -Ninjex- on Wed Jun 18, 2014 9:56 am

SSI != Directory Traversal

Post by cyberdrain on Wed Jun 18, 2014 1:30 pm

TheDoctor_Yes wrote:In the real world it would be successful?

No, it won't, learn how it works before claiming that. If it worked on your end, you did something wrong copying the challenge and if you didn't copy the challenge, how would you even know that it should've worked?